DeadlyKiss: Hit one to rule them all. Telsy discovered a probable still unknown and untreated APT malware aimed at compromising Internet Service Providers

In the first days of September 2019, Telsy Cyber Threat Intelligence Unit received a variant of a strange and initially mysterious malware from a stream of thousands of samples coming from a partner operating in the telecommunications and internet connectivity sector.

Although this sharing had not been accompanied by much information about it, it immediately seemed quite clear that the object under analysis was not something very common to be observed.

Indeed, a clear picture emerged that led to the observation of an advanced, rare and extremely evasion-oriented malware, which implements effective layered obfuscation techniques and adopts many solutions dedicated to operate “under the radar”.

Finding no publicly known evidence regarding the family of samples in question or regarding any threat actor that made use of it, we came to the conclusion that what we were observing belonged to a new case in the world of APTs (Advanced Persistent Threats) and the probable discovery of what could be a still not publicly known APT malware. We named it “DeadlyKiss“, for expected conjunction of two different modules during its infection chain.


Read the full report:

Download ITA version report

Donwload ENG version report


Check more cyber reports on our blog.